Israel Post, Israel's leading mail delivery service, said it had patched a significant vulnerability in its parcel delivery system that allowed unauthorized access to sensitive information of customers ordering from online retail platforms like Ali Express and eBay.
Rotem Reiss, the director of product security at Playtika and a white-hat hacker, discovered the breach and worked with authorities to secure the system.
Initially, Israel Post attributed the problem to simple login credentials, leading to strengthened password requirements. Although the breach exposed some customer data, critical details like payment methods or Israeli ID numbers were not compromised, ensuring users' key information remained protected.
However, the nature of the breach means it's impossible to confirm this with absolute certainty, as hackers could leave no trace.
Reiss, who discovered and helped fix the leak, has aided numerous organizations, including government entities and corporations like Microsoft and Yahoo in securing their systems. He noted that despite expectations, government services often fall short on security.
Despite Israel's reputation as a "high-tech nation," its market remains vulnerable to cyberattacks. Recent incidents, such as breaches at Shirbit Insurance, Hillel Yaffe Medical Center, the Atraf LGBT dating site and Signature-IT storage service, highlight the ongoing risk, with personal details of up to 3 million Israelis potentially exposed to adversaries.
Israel Post said in response that the issue stemmed from an "external application used by small businesses who work with us to deliver parcels to private customers" which "merely includes limited details about the parcels, such as item number and its location, the name of the intended recipient and phone number to send important messages about delivery."